6529 Update command

README.md

@@ -135,10 +135,17 @@ To add a new package:
 6529 add -D <package>
 ```
 
+To apply audit fixes:
+
+```bash
+6529 update
+```
+
 `6529 install` and `6529 i` only reinstall the existing dependency set. They do
 not accept package names. To add a dependency, use `6529 add <package>`.
-`6529 add` goes through the same Socket Firewall protected path as secure
-installs.
+`6529 add` and `6529 update` go through the same Socket Firewall-protected path
+as secure installs.
+For an intentional broader pnpm update, use `6529 update:all`.
 
 Plain `pnpm install`, `pnpm dev`, and `npm run ...` repo script execution are intentionally blocked. Use the `6529` wrapper only.
 
@@ -149,6 +156,7 @@ If `direnv` is enabled for the repo, you can also use the repo-local wrapper:
 
 ```bash
 6529 install
+6529 update
 6529 run dev
 6529 run build
 6529 approve-builds

__tests__/components/providers/AppKitAdapterManager.test.ts

@@ -18,7 +18,7 @@ jest.mock("@reown/appkit-adapter-wagmi");
 jest.mock("@/wagmiConfig/wagmiAppWalletConnector", () => ({
   createAppWalletConnector: jest.fn(() => ({ id: "mock-connector" })),
 }));
-jest.mock("@/constants", () => ({
+jest.mock("@/constants/constants", () => ({
   CW_PROJECT_ID: "12345678-1234-1234-1234-123456789abc", // Valid UUID format
 }));
 

__tests__/utils/appkit-initialization.utils.test.ts

@@ -0,0 +1,83 @@
+import { initializeAppKit } from "@/utils/appkit-initialization.utils";
+import { createAppKit } from "@reown/appkit/react";
+import { mainnet } from "viem/chains";
+import type { AppKitAdapterManager } from "@/components/providers/AppKitAdapterManager";
+import type { WagmiAdapter } from "@reown/appkit-adapter-wagmi";
+
+jest.mock("@reown/appkit/react", () => ({
+  createAppKit: jest.fn(() => ({
+    ready: jest.fn(() => Promise.resolve()),
+  })),
+}));
+
+jest.mock("@/constants/constants", () => ({
+  CW_PROJECT_ID: "12345678-1234-1234-1234-123456789abc",
+}));
+
+jest.mock("@/config/env", () => ({
+  publicEnv: {
+    BASE_ENDPOINT: "https://6529.io",
+    NODE_ENV: "test",
+  },
+}));
+
+jest.mock("@/utils/error-sanitizer", () => ({
+  isIndexedDBError: jest.fn(() => false),
+  logErrorSecurely: jest.fn(),
+}));
+
+describe("initializeAppKit", () => {
+  const adapter = {
+    wagmiConfig: { id: "wagmi-config" },
+  } as unknown as WagmiAdapter;
+  let adapterManager: jest.Mocked<
+    Pick<AppKitAdapterManager, "createAdapterWithCache">
+  >;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    adapterManager = {
+      createAdapterWithCache: jest.fn(() => adapter),
+    };
+  });
+
+  it("disables AppKit's default Coinbase connector on Capacitor", () => {
+    initializeAppKit({
+      wallets: [],
+      adapterManager: adapterManager as unknown as AppKitAdapterManager,
+      isCapacitor: true,
+      chains: [mainnet],
+    });
+
+    expect(adapterManager.createAdapterWithCache).toHaveBeenCalledWith(
+      [],
+      true,
+      [mainnet]
+    );
+    expect(createAppKit).toHaveBeenCalledWith(
+      expect.objectContaining({
+        enableCoinbase: false,
+      })
+    );
+  });
+
+  it("keeps AppKit's default Coinbase connector enabled outside Capacitor", () => {
+    initializeAppKit({
+      wallets: [],
+      adapterManager: adapterManager as unknown as AppKitAdapterManager,
+      isCapacitor: false,
+      chains: [mainnet],
+    });
+
+    expect(adapterManager.createAdapterWithCache).toHaveBeenCalledWith(
+      [],
+      false,
+      [mainnet]
+    );
+    expect(createAppKit).toHaveBeenCalledWith(
+      expect.objectContaining({
+        enableCoinbase: true,
+      })
+    );
+  });
+});

bin/6529

@@ -23,6 +23,8 @@ Common commands:
   6529 install:frozen  -> pnpm run install:secure:frozen
   6529 ci              -> pnpm run install:secure:frozen
   6529 install:prod    -> pnpm run install:secure:prod
+  6529 update          -> sfw pnpm audit --fix
+  6529 update:all      -> sfw pnpm update
   6529 run dev         -> pnpm run dev
   6529 run build       -> pnpm run build
   6529 approve-builds  -> pnpm approve-builds
@@ -123,6 +125,19 @@ case "$command_name" in
     node "$REPO_ROOT/scripts/assert-no-package-lock.cjs"
     exec node "$REPO_ROOT/scripts/run-secure-pnpm.cjs" add "$@"
     ;;
+  update)
+    if [[ "$#" -gt 0 ]]; then
+      echo "\`6529 update\` runs audit fixes and does not accept package arguments." >&2
+      echo "Use \`6529 update:all [package...]\` for intentional pnpm updates." >&2
+      exit 1
+    fi
+    node "$REPO_ROOT/scripts/assert-no-package-lock.cjs"
+    exec node "$REPO_ROOT/scripts/run-secure-pnpm.cjs" audit --fix
+    ;;
+  update:all)
+    node "$REPO_ROOT/scripts/assert-no-package-lock.cjs"
+    exec node "$REPO_ROOT/scripts/run-secure-pnpm.cjs" update "$@"
+    ;;
   prune:prod)
     exec "$REAL_PNPM" run prune:prod "$@"
     ;;

docs/developer/pnpm-and-socket-firewall.md

@@ -16,6 +16,8 @@ The supported entrypoint is the repo-local `6529` command:
 6529 install
 6529 install:frozen
 6529 install:prod
+6529 update
+6529 update:all
 6529 run dev
 6529 run build
 6529 approve-builds
@@ -54,6 +56,18 @@ Then install dependencies:
 6529 install
 ```
 
+To apply audit fixes, use the same secure wrapper path:
+
+```bash
+6529 update
+```
+
+For an intentional broader pnpm update, use:
+
+```bash
+6529 update:all
+```
+
 After bootstrap, prefer the bare `6529` command for day-to-day work while you
 are inside this repository. Outside the repo, `6529` should remain unavailable.
 The repo-local `./bin/6529` entrypoint is still appropriate for cases like

package.json

@@ -108,8 +108,9 @@
     "@tanstack/react-query": "5.95.2",
     "@tanstack/react-virtual": "3.13.23",
     "@types/lodash": "4.17.24",
+    "@wagmi/core": "2.22.1",
     "aws-rum-web": "1.25.0",
-    "axios": "1.15.0",
+    "axios": "1.15.2",
     "bootstrap": "5.3.8",
     "capacitor-secure-storage-plugin": "0.11.0",
     "chart.js": "4.5.1",
@@ -167,14 +168,14 @@
     "three": "0.163.0",
     "unified": "11.0.5",
     "use-debounce": "10.1.0",
-    "uuid": "10.0.0",
+    "uuid": "14.0.0",
     "viem": "2.47.6",
     "wagmi": "2.19.5",
     "zod": "3.25.76"
   },
   "devDependencies": {
-    "@openapitools/openapi-generator-cli": "2.31.1",
     "@jest/globals": "30.3.0",
+    "@openapitools/openapi-generator-cli": "2.31.1",
     "@playwright/test": "1.58.2",
     "@testing-library/jest-dom": "6.9.1",
     "@testing-library/react": "16.3.2",
@@ -188,7 +189,6 @@
     "@types/react-dom": "19.2.3",
     "@types/react-scroll": "1.8.10",
     "@types/react-toggle": "4.0.5",
-    "@types/uuid": "9.0.8",
     "autoprefixer": "10.4.27",
     "babel-jest": "30.3.0",
     "babel-plugin-react-compiler": "1.0.0",
@@ -219,7 +219,7 @@
     "nodemon": "3.1.14",
     "pino-pretty": "13.1.3",
     "playwright": "1.58.2",
-    "postcss": "8.5.8",
+    "postcss": "8.5.12",
     "prettier": "3.8.1",
     "prettier-plugin-tailwindcss": "0.7.2",
     "react-doctor": "0.0.33",